File u_Check-for-end-of-string-in-PatterMatch.patch of Package libXfont.7747
Path-Mainline: To be upstreamed Author: Michal Srb <msrb@suse.com> Subject: Check for end of string in PatterMatch. References: bnc#1054285 CVE-2017-13720 If a pattern contains '?' character, any character in the string was skipped, even if it was '\0'. The rest of the matching would read invalid memory. Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> --- src/fontfile/fontdir.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) Index: libXfont-1.5.1/src/fontfile/fontdir.c =================================================================== --- libXfont-1.5.1.orig/src/fontfile/fontdir.c +++ libXfont-1.5.1/src/fontfile/fontdir.c @@ -399,8 +399,10 @@ PatternMatch(char *pat, int patdashes, c } } case '?': - if (*string++ == XK_minus) + if ((t = *string++) == XK_minus) stringdashes--; + if (!t) + return 0; break; case '\0': return (*string == '\0');
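Review bot: In the `case '?':` branch the end-of-string test runs only after `*string++` has already advanced the pointer and after the dash comparison, so the ordering carries the fix without saying why. The result is correct, since a NUL never equals `XK_minus` and the function returns 0 before `string` is dereferenced again. Testing first would read more directly and would not need the temporary, for example `if (!*string) return 0;` placed ahead of the existing `if (*string++ == XK_minus)`. If the `t` form is kept, note that its declaration lies outside the visible context, so confirm `PatternMatch` already declares it with a character type. A short comment on the new check would also help, stating that '?' must not consume the terminator. Finally, the subject line and patch file name spell the function "PatterMatch" while the hunk header shows `PatternMatch`; worth correcting before this goes upstream.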




